Content-type: text/html Man page of Mail::SpamAssassin::Plugin::DKIM

Mail::SpamAssassin::Plugin::DKIM

Section: User Contributed Perl Documentation (3pm)
Updated: 2008-06-10
Index Return to Main Contents
 

NAME

Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests  

SYNOPSIS

 loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]

 full DKIM_VALID     eval:check_dkim_valid()
 full DKIM_VALID_AU  eval:check_dkim_valid_author_sig()

(for compatibility, a check_dkim_verified is a synonym for check_dkim_valid)  

DESCRIPTION

This SpamAssassin plugin implements DKIM lookups as described by the RFC 4871, as well as historical DomainKeys lookups, as described by RFC 4870, thanks to the support for both types of signatures by newer versions of module Mail::DKIM (0.22 or later).

It requires the "Mail::DKIM" CPAN module to operate. Many thanks to Jason Long for that module.  

TAGS

The following tags are added to the set, available for use in reports, header fields, other plugins, etc.:

  _DKIMIDENTITY_  signing identities (the 'i' tag) from valid signatures;
  _DKIMDOMAIN_    signing domains (the 'd' tag) from valid signatures;

Identities and domains from signatures which failed verification are not included in these tags. Duplicates are eliminated (e.g. when there are two or more valid signatures from the same signer, only one copy makes it into a tag). Note that there may be more than one signature in a message - currently they are provided as a space-separated list, although this behaviour may change.  

SEE ALSO

"Mail::DKIM", "Mail::SpamAssassin::Plugin"

  http://jason.long.name/dkimproxy/
  http://tools.ietf.org/rfc/rfc4871.txt
  http://tools.ietf.org/rfc/rfc4870.txt
  http://ietf.org/html.charters/dkim-charter.html

 

USER SETTINGS

whitelist_from_dkim [email protected] [signing-identity]
Use this to supplement the whitelist_from addresses with a check to make sure the message with a given From address (the author's address) carries a valid Domain Keys Identified Mail (DKIM) signature by a verifier-acceptable signing-identity (the i= tag).

Only one whitelist entry is allowed per line, as in "whitelist_from_rcvd". Multiple "whitelist_from_dkim" lines are allowed. File-glob style characters are allowed for the From address (the first parameter), just like with "whitelist_from_rcvd". The second parameter does not accept wildcards.

If no signing identity parameter is specified, the only acceptable signature will be a first-party signature, i.e. the so called author signature, which is a signature where the signing identity of a signature matches the author address (i.e. the address in a From header field).

Since this whitelist requires a DKIM check to be made, network tests must be enabled.

Examples of whitelisting based on an author signature (first-party):

  whitelist_from_dkim [email protected]
  whitelist_from_dkim [email protected]
  whitelist_from_dkim *@*.example.com

Examples of whitelisting based on third-party signatures:

  whitelist_from_dkim [email protected]     [email protected]
  whitelist_from_dkim [email protected] example.net
  whitelist_from_dkim [email protected]     example.org
  whitelist_from_dkim [email protected]   example.com
  whitelist_from_dkim *@*                  remailer.example.com

def_whitelist_from_dkim [email protected] [signing-identity]
Same as "whitelist_from_dkim", but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for abuse of public mailers which sign their mail.
 

ADMINISTRATOR SETTINGS

dkim_timeout n (default: 5)
How many seconds to wait for a DKIM query to complete, before scanning continues without the DKIM result.


 

Index

NAME
SYNOPSIS
DESCRIPTION
TAGS
SEE ALSO
USER SETTINGS
ADMINISTRATOR SETTINGS

This document was created by man2html, using the manual pages.
Time: 04:14:16 GMT, September 24, 2010